Effective Date: 4 February 2026 · Last Updated: 4 February 2026
RidgeLine Cyber Defence is a sole trader business operating from the United Kingdom, providing digital cybersecurity governance documentation, templates, and toolkits.
Data Controller: RidgeLine Cyber Defence
Contact Email: contact@ridgelinecyber.com
Website: https://ridgelinecyber.com
For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, RidgeLine Cyber Defence is the data controller responsible for your personal data.
We collect and process the following personal data depending on how you interact with our website and services.
When you purchase a product: your name, email address, billing address, and payment information. Payment card details are processed exclusively by our payment processor. We never see, store, or have access to your full card number, expiry date, or CVV.
When you visit our website: technical data including your IP address, browser type, operating system, referring URL, pages visited, and time spent on pages. Our website is hosted on Cloudflare Pages, which processes this data to serve web pages and provide security protections. We use Cloudflare Web Analytics, which is a privacy-first, cookieless analytics service that does not track individual visitors or use cookies.
When you contact us by email: your name, email address, and any information you choose to include in your correspondence.
We process your personal data for the following purposes and on the following lawful bases under UK GDPR.
Contract performance (Article 6(1)(b)): to process your purchase, deliver your digital products, send order confirmations, and provide post-purchase support. Without this data, we cannot fulfil your order.
Legal obligation (Article 6(1)(c)): to maintain financial records as required by HMRC and UK tax law.
Legitimate interests (Article 6(1)(f)): to operate, maintain, and improve our website; to protect our website and business against fraud, abuse, and security threats; and to respond to your enquiries.
We do not use your personal data for automated decision-making or profiling. We do not sell, rent, or trade your personal data to any third party.
We will only send you marketing communications if you have given explicit consent to receive them. You can withdraw your consent at any time by clicking the unsubscribe link in any marketing email or by contacting us at contact@ridgelinecyber.com. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
We share your personal data only with the following categories of third-party processors, each of whom is contractually bound to protect your data.
Payment processor: processes your payment securely. Our payment processor operates as a Merchant of Record, meaning they are the legal seller of the product and handle payment processing, tax calculation, and invoicing on our behalf. Their privacy policy is available on their website.
Cloudflare (website hosting and security): hosts our website and provides DDoS protection and content delivery. Cloudflare's privacy policy is available at https://www.cloudflare.com/privacypolicy/.
Email service provider: delivers transactional emails such as order confirmations and product delivery links.
We do not transfer your personal data outside the United Kingdom unless adequate safeguards are in place, including UK International Data Transfer Agreements where applicable.
Purchase records and transaction data: retained for six years from the date of transaction, as required by HMRC for tax record-keeping obligations.
Email correspondence: retained for up to two years from the date of last contact, unless a longer retention period is required for ongoing support or legal purposes.
Website analytics data: Cloudflare Web Analytics does not store personally identifiable data. Aggregated analytics data is retained by Cloudflare in accordance with their data retention policies.
We review retained data periodically and securely delete personal data that is no longer required for any lawful purpose.
Under UK GDPR, you have the following rights in relation to your personal data.
Right of access: you can request a copy of the personal data we hold about you.
Right to rectification: you can request that we correct any inaccurate or incomplete personal data.
Right to erasure: you can request that we delete your personal data where there is no compelling reason for its continued processing, subject to our legal retention obligations.
Right to restrict processing: you can request that we limit how we use your personal data in certain circumstances.
Right to data portability: you can request a copy of your personal data in a structured, commonly used, machine-readable format.
Right to object: you can object to processing based on legitimate interests at any time.
To exercise any of these rights, please contact us at contact@ridgelinecyber.com. We will respond to your request within one month. If your request is complex, we may extend this period by a further two months and will inform you accordingly.
Our website does not use cookies for analytics or tracking purposes. Cloudflare Web Analytics operates without cookies or local storage.
Cloudflare may set strictly necessary security cookies (such as __cf_bm) to protect our website from malicious traffic. These cookies are essential for the operation of the website and cannot be disabled. They do not track your browsing activity or collect personal data for marketing purposes.
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include HTTPS encryption across our entire website, secure payment processing through our payment processor's PCI DSS certified infrastructure, and access controls limiting who can access personal data to those with a genuine business need.
No method of transmission over the internet is completely secure. While we take reasonable steps to protect your personal data, we cannot guarantee its absolute security.
Our products and services are designed for business and professional use. We do not knowingly collect personal data from anyone under the age of 18. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete that data promptly.
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO).
Information Commissioner's Office
Website: https://ico.org.uk
Telephone: 0303 123 1113
We would appreciate the opportunity to address your concerns before you contact the ICO. Please reach out to us at contact@ridgelinecyber.com in the first instance.
We may update this privacy policy from time to time to reflect changes in our practices, services, or legal requirements. We will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our website and services after any changes constitutes acceptance of the updated policy.
If you have any questions about this privacy policy or how we handle your personal data, please contact us.
RidgeLine Cyber Defence
Email: contact@ridgelinecyber.com
Website: https://ridgelinecyber.com